Los Angeles-based Wonderful Health and Wellness has notified patents that their electronic protected health information (ePHI) was exposed in early December, 2016 when an unencrypted laptop computer was stolen from the company’s Wonderful Center for Health Innovation.

Staff at the Center discovered the laptop computer was missing on December 12 when they returned to work after the weekend, with the theft having occurred at some point between December 9 and 12. The theft was immediately reported to law enforcement, although the device has not been recovered.

The laptop contained a range of protected health information including patients’ names along with their home addresses, telephone numbers, dates of birth, email addresses, clinical account numbers, medical conditions, treatment information, treatment dates, and test results. No Social Security numbers or financial information were stored on the device.

While the laptop computer was not encrypted, software had been installed which allows data on the device to be remotely deleted, although only if the laptop is used to connect to the Internet. Wonderful Health and Wellness has programmed the software to delete all sensitive data on the device the next time the device connects.

Patients were notified of the potential ePHI breach on January 18, 2017. At that point, there was no indication that any of the data on the device had been accessed or used inappropriately.

Wonderful Health and Wellness has conducted a review of its strategy for storing and transmitting medical information and additional safeguards have already been implemented to better secure patients’ medical information and prevent future breaches of this nature from occurring.

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal, so it is currently unclear how many patients have been impacted by the incident.

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.